Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Broadcom Releases Security Updates for VMware Aria Operations, Tools, and Cloud Foundation
September 30, 2025
Broadcom has released security updates to address vulnerabilities in VMware Aria Operations, Tools, and Cloud Foundation components of VMware products. The updates address 2 high severity and 1 medium severity vulnerabilities. CVE-2025-41244 – “Privilege defined with unsafe actions” vulnerability – CVSSv3 score of 7.8 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber ...
- CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
September 25, 2025
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies ...
- US federal agency breached by hackers using GeoServer exploit
September 24, 2025
In mid-July 2024, a threat actor managed to break into a US Federal Civilian Executive Branch (FCEB) agency by exploiting a critical remote code execution (RCE) vulnerability in GeoServer, the government has confirmed. In an in-depth report detailing the incident, the US Cybersecurity and Infrastructure Security Agency (CISA) outlined how the attackers leveraged CVE-2024-36401, a 9.8/10 ...
- This Is How Your LLM Gets Compromised
September 24, 2025
Plainly speaking, Artificial intelligence is no longer a fringe technology. It has become a core component of modern business, from customer service chatbots to complex data analysis. We often treat the Large Language Models (LLMs) that are at the core of this technology as trusted black boxes. But like any software, they can be tampered with, ...
- Serious Microsoft Entra flaw could have let hackers infiltrate any user – patch now
September 22, 2025
Security researchers have found a critical vulnerability in Microsoft Entra ID which could have allowed threat actors to gain Global Administrator access to virtually anyone’s tenant – without being detected in any way. The vulnerability consists of two things – a legacy service called “actor tokens”, and a critical Elevation of Privilege bug tracked as CVE-2025-55241. ...
- WatchGuard warns users Firebox firewalls may have a critical issue
September 19, 2025
WatchGuard has fixed a critical-severity vulnerability affecting its Firebox firewalls and is urging users to apply the newly released patch without hesitation. In a security advisory, the company said it addressed an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process, which “may allow a remote unauthenticated attacker to execute arbitrary code”. The vulnerability was ...